Practical Intranet Security Overview of the State of the Art and Ava
Foreword by Lars Knudsen Practical Intranet Security focuses on the various ways in which an intranet can be violated and gives a thorough review of the technologies that can be used by an organization to secure its intranet. This includes, for example, t
- 254 Pages / 439.37 x 666.142 pts Page_size
PRACTICAL INTRANET SECURITY Overview of the State of the Art and Available Technologies
by
PAUL ASHLEY Queensland University of Technology, Brisbane, Australia
and
MARK VANDENWAUVER K. U. Leuven, Belgium
SPRINGER SCIENCE+BUSINESS MEDIA, B.V.
Library of Congress Cataloging-in-Publication Data
Additional material to this book can be downloaded from http://extras.springer.com. ISBN 978-1-4613-7566-1 ISBN 978-1-4615-5609-1 (eBook) DOI 10.1007/978-1-4615-5609-1
Printed on acid-free paper
All Rights Reserved © 1999 Springer Science+Business Media Dordrecht Originally published by Kluwer Academic Publishers in 1999 Softcover reprint of the hardcover 1st edition 1999 No part of the material protected by this copyright notice may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording or by any information storage and retrieval system, without written permission from the copyright owner.
Contents
Foreword
Acknowledgments
Preface

Part I Network Security Concepts

1. SECURITY SERVICES AND CRYPTOGRAPHY
  1.1 Introduction
  1.2 Cryptographic Services
    1.2.1 Entity Authentication
    1.2.2 Data Authentication
      1.2.2.1 Data Integrity
      1.2.2.2 Data Origin Authentication
    1.2.3 Non-repudiation
    1.2.4 Data Confidentiality
  1.3 Access Control and Authorization
    1.3.1 Access Control Lists (ACLs)
    1.3.2 Delegation
  1.4 Cryptographic Primitives
    1.4.1 Encryption Primitives
      1.4.1.1 Symmetric Ciphers
      1.4.1.2 Asymmetric Ciphers
      1.4.1.3 Symmetric versus Asymmetric Ciphers
    1.4.2 Authentication Primitives
      1.4.2.1 One-way Functions and Hash Codes
      1.4.2.2 MAC Construction and Security
      1.4.2.3 Digital Signature
      1.4.2.4 Hash Functions and Digital Signatures
    1.4.3 Hybrid systems
  1.5 Key Escrow and Key Recovery
  1.6 Export Regulations
  1.7 Public Key Infrastructure
    1.7.1 X.509
    1.7.2 SDSI

2. AUTHENTICATION AND KEY MANAGEMENT
  2.1 Introduction
  2.2 UNIX Authentication
  2.3 Biometrics
    2.3.1 Fingerprints
    2.3.2 Hand Geometry
    2.3.3 Retina
    2.3.4 Voice and Face Recognition
    2.3.5 Writing
    2.3.6 Typing Speed
  2.4 Dynamic Authentication
    2.4.1 Code Book
    2.4.2 Time Based
    2.4.3 Challenge-Response Based
  2.5 Cryptographic Protocols
    2.5.1 Glossary and Definitions
    2.5.2 The Use of Timestamps and Nonces
      2.5.2.1 Timestamps
      2.5.2.2 Nonces
    2.5.3 Entity Authentication
      2.5.3.1 ISO/IEC 9798-2
      2.5.3.2 ISO 9798-3
      2.5.3.3 X.509
    2.5.4 Key Establishment
      2.5.4.1 Diffie-Hellman
    2.5.5 Entity Authentication and Key Establishment
      2.5.5.1 Needham-Schroeder
      2.5.5.2 Authenticated Key Exchange Protocol (AKEP)
      2.5.5.3 Modified Needham-Schroeder
      2.5.5.4 Station-to-Station Protocol
    2.5.6 Overview

3. COMPUTER NETWORKS
  3.1 Introduction
  3.2 Computer Networking Concepts
  3.3 Layered Protocol Architectures
    3.3.1 OSI Reference Model
      3.3.1.1 Security in the OSI Reference Model
    3.3.2 TCP/IP
      3.3.2.1 Security in the TCP/IP Model
  3.4 T